aboutsummaryrefslogtreecommitdiff
path: root/plat/st
diff options
context:
space:
mode:
authorYann Gautier <yann.gautier@foss.st.com>2021-08-16 11:58:01 +0200
committerYann Gautier <yann.gautier@foss.st.com>2021-08-17 09:10:51 +0200
commit99080bd1273331007f0b2d6f64fed51ac6861bcd (patch)
tree7e3002a2eabc4e0a91cf146b9fb30be2ae4c4925 /plat/st
parent391828923fdd846ebc41745b72343b2a0b6a7204 (diff)
downloadtrusted-firmware-a-99080bd1273331007f0b2d6f64fed51ac6861bcd.tar.gz
fix(plat/st): apply security at the end of BL2
Now that the DDR is mapped secured, the security settings (TZC400 firewall) have to be applied at the end of BL2 for the OP-TEE case. This is required to avoid checskum computation error on U-Boot binary, for which MMU and TZC400 would not be aligned. Change-Id: I4a364f7117960e8fae1b579f341b9f140b766ea6 Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Diffstat (limited to 'plat/st')
-rw-r--r--plat/st/stm32mp1/bl2_plat_setup.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/plat/st/stm32mp1/bl2_plat_setup.c b/plat/st/stm32mp1/bl2_plat_setup.c
index 3e179fbbf8..b4c42fc06c 100644
--- a/plat/st/stm32mp1/bl2_plat_setup.c
+++ b/plat/st/stm32mp1/bl2_plat_setup.c
@@ -153,8 +153,6 @@ void bl2_platform_setup(void)
#ifdef AARCH32_SP_OPTEE
INFO("BL2 runs OP-TEE setup\n");
- /* Initialize tzc400 after DDR initialization */
- stm32mp1_security_setup();
#else
INFO("BL2 runs SP_MIN setup\n");
#endif
@@ -384,4 +382,9 @@ int bl2_plat_handle_post_image_load(unsigned int image_id)
return err;
}
+
+void bl2_el3_plat_prepare_exit(void)
+{
+ stm32mp1_security_setup();
+}
#endif